Hacking Attack Woke Up Dallas With Emergency Sirens, Officials Say

Image

Warning sirens in Dallas, meant to alert the public to emergencies like severe weather, started sounding around 11:40 p.m. Friday, and were not shut off until 1:20 a.m.CreditCreditRex C. Curry for The New York Times

Officials in Dallas said the city’s warning system was hacked late on Friday night, disrupting the city when all 156 of its emergency sirens sounded into the early hours of Saturday morning.

The alarms, which started going off around 11:40 p.m. Friday and lasted until 1:20 a.m. Saturday, created a sense of fear and confusion, jarring residents awake and flooding 911 with thousands of calls, officials said.

Sana Syed, a spokeswoman for the city, said in a telephone interview that the sound of the sirens, which are meant to alert the public to severe weather or other emergencies, was interpreted by some as a warning sign of a “bomb or something, a missile.”

“I can understand the concern,” she said, noting the recent airstrikes in Syria.

Social media was flooded with complaints. “Talk about creepy,” wrote one user.

Officials declined to give full details about the nature of the breach, citing security reasons, but they said they believed it had originated locally.

“We do believe it came from the Dallas area because of the proximity to our signal you need to have in order to pull it off,” Ms. Syed said.

Mayor Mike Rawlings called the breach “an attack on our emergency notification system” and said it was evidence of a need to upgrade and safeguard the city’s technology infrastructure.

“We will work to identify and prosecute those responsible,” he wrote on his Facebook page.

The alarms blasted for 90-second durations about 15 times, Rocky Vaz, the director of the city’s Office of Emergency Management, told reporters at a news conference.

Mr. Vaz said emergency workers and technicians had to first figure out whether the sirens had been activated because of an actual emergency. And turning off the sirens also proved difficult, eventually prompting officials to shut down the entire system.

“Every time we thought we had turned it off, the sirens would sound again, because whoever was hacking us was continuously hacking us,” Ms. Syed said.

The system was still down on Saturday afternoon, and officials said they hoped to have it functional again by the end of the weekend. They said they had pinpointed the origin of the security breach after ruling out that the alarms had come from their control system or from remote access.

“Talking to all the experts in the siren industry, in the field,” Mr. Vaz said. “This is a very rare event.”

Mr. Vaz said that Dallas had reached out to the Federal Communications Commission for help and was taking steps to prevent hackers from setting off the entire system again, but that city officials had not communicated with federal law enforcement authorities.

The city has had other recent struggles with its emergency systems. Its 911 system has had a problem with one phone carrier that has caused wait times as long as 26 minutes, The Dallas Morning News reported.

At least 4,400 calls came into the area’s 911 system locally in the hours around the attack on Friday night, Ms. Syed said — about double the amount normal overnight. The longest wait time was about six minutes, she said.

Security officials have warned for years about the risks that hacking attacks can pose to infrastructure. The number of attacks on critical infrastructure appears to have risen: to nearly 300 in 2015 from just under 200 in 2012, according to federal data. In 2013, hackers tied to the Iranian military tried to gain control of a small dam in upstate New York.